Skip to content

garden-runc/1.4.0

You can find the source of this version on GitHub at cloudfoundry-incubator/guardian-release. It was created based on the commit 60f9e9dd.

Release Notes

Hi Gardeneers!

GRR v1.4.0 mostly introduces some changes to the network plugin API and introduces a first-pass experimental ability to limit container block IO. Please, contain your enthusiasm.

Network Plugin / Networking Changes

  • We now allow the network plugin to return a set of DNS servers which we will ensure are set on the container’s resolv.conf. This allows DNS policy to be set by the network plugin if enabled.
  • When the network plugin is not enabled, there’s now an additional_dns_servers property that allows specifying extra DNS servers which should be appended to any inherited from resolv.conf or set to the dns_servers property.
  • /etc/hosts and /etc/resolv.conf are now bind-mounted in to the container rather than being written in a chroot. This interacts better with user namespaces and rootless containers and is generally more simple and secure.
  • We no longer set up the built-in networkers iptable chains when an external network plugin is enabled, to avoid confusion caused by two things both creating iptable state on the host
  • Log messages from NetOut(log=true) rules now properly truncate handles so that space separation is preserved when the handle is longer than 29 characters

BlockIO Limiting (Experimental)

  • We’ve added an experimental default_container_blockio_weight property to allow assigning a blockio weight to all containers created by garden. This requires the CFQ scheduler to be enabled to be useful and applies to all garden-created containers on the host. The feature is being released experimentally via the bosh property, feedback welcome!

Rootless Mode

Usage

You can reference this release in your deployment manifest from the releases section:

- name: "garden-runc"
  version: "1.4.0"
  url: "https://bosh.io/d/github.com/cloudfoundry-incubator/guardian-release?v=1.4.0"
  sha1: "e1b8955f8ea5334090959d5492e9a40b8a194c0d"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 e1b8955f8ea5334090959d5492e9a40b8a194c0d \
  "https://bosh.io/d/github.com/cloudfoundry-incubator/guardian-release?v=1.4.0"

Jobs

Packages